IT Networks - Lecture 2

Uploaded by tastefulsaintregis (Networking and Communications), Oct 27, 2013

1


IT Networks - Lecture 2


Mark Gleeson

gleesoma@cs.tcd.ie

(01) 896 2666


5th May 2009

Physical Sciences in Medicine

2

Routing



Networks are formed of smaller networks
joined together


The question arises of how you communicate
where you need to cross numerous networks


We call the selection of the route to use
routing


Challenges


Potentially many routes to your destination


You can get lost


dead ends, loops


Each packet can potentially take a different
route


3

The Scenario









Computer A establishes IP address of Computer B


Computer A creates IP packet with address of
Computer B as destination and its own IP address
as source


Routers are responsible for directing the packet towards
its destination

[Figure: Computer A and Computer B joined by several networks of routers]

4

The Scenario








Best route: Smallest number of hops?

[Figure: the candidate routes between Computer A and Computer B]

5

The Scenario







Best route:


Fastest round-trip time?


Highest bandwidth?

[Figure: the candidate routes between Computer A and Computer B]

6

Routing Basics








Routing Tables


Creating tables


Dynamic vs. Static


Maintaining tables


Periodic vs. Aperiodic

[Figure: Computer A and Computer B joined by routers node1 to node8, each router holding its own routing table listing the other nodes]
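The three "best route" criteria on the previous slides give different answers on the same network. The Python below is an added example written for this page, not part of the lecture: it runs Dijkstra's algorithm over a small constructed topology with a hop-count metric and a latency metric, a widest-path search for the highest-bandwidth route, and then derives the next-hop routing table a router would actually store. The topology, link figures and node names are assumptions, and one-way link latency stands in for the slide's round-trip time.

```python
import heapq

# Constructed topology (not from the lecture): adjacency list of
# (neighbour, latency_ms, bandwidth_mbps) per link, both directions listed.
LINKS = {
    "A":     [("node1", 2, 100), ("node2", 1, 10)],
    "node1": [("A", 2, 100), ("node3", 3, 100)],
    "node2": [("A", 1, 10), ("node3", 1, 10), ("B", 20, 1000)],
    "node3": [("node1", 3, 100), ("node2", 1, 10), ("B", 2, 100)],
    "B":     [("node2", 20, 1000), ("node3", 2, 100)],
}

def shortest_path(links, src, dst, cost):
    """Dijkstra with an additive per-link cost; cost(latency, bw) -> number.
    Returns (path, total_cost) or (None, inf) if dst is unreachable."""
    dist, prev = {src: 0}, {}
    heap, done = [(0, src)], set()
    while heap:
        d, node = heapq.heappop(heap)
        if node in done:
            continue                      # stale heap entry
        done.add(node)
        if node == dst:
            break
        for nbr, lat, bw in links.get(node, []):
            nd = d + cost(lat, bw)
            if nd < dist.get(nbr, float("inf")):
                dist[nbr], prev[nbr] = nd, node
                heapq.heappush(heap, (nd, nbr))
    if dst not in dist:
        return None, float("inf")
    path = [dst]
    while path[-1] != src:                # walk the predecessor pointers back
        path.append(prev[path[-1]])
    return path[::-1], dist[dst]

def widest_path(links, src, dst):
    """Maximise the bottleneck bandwidth (the 'highest bandwidth' criterion).
    The cost is not additive, so the relaxation step differs from Dijkstra's."""
    best, prev = {src: float("inf")}, {}
    heap, done = [(-float("inf"), src)], set()
    while heap:
        negw, node = heapq.heappop(heap)
        if node in done:
            continue
        done.add(node)
        for nbr, lat, bw in links.get(node, []):
            w = min(-negw, bw)            # bottleneck so far on this path
            if w > best.get(nbr, 0):
                best[nbr], prev[nbr] = w, node
                heapq.heappush(heap, (-w, nbr))
    if dst not in best:
        return None, 0
    path = [dst]
    while path[-1] != src:
        path.append(prev[path[-1]])
    return path[::-1], best[dst]

def routing_table(links, src, cost):
    """What a router actually stores: destination -> next hop, not whole paths."""
    table = {}
    for dst in links:
        if dst == src:
            continue
        path, _ = shortest_path(links, src, dst, cost)
        if path:
            table[dst] = path[1]
    return table

HOPS = lambda lat, bw: 1           # smallest number of hops
LATENCY = lambda lat, bw: lat      # fastest round trip (one-way latency as proxy)

if __name__ == "__main__":
    print("fewest hops:      ", shortest_path(LINKS, "A", "B", HOPS))
    print("lowest latency:   ", shortest_path(LINKS, "A", "B", LATENCY))
    print("highest bandwidth:", widest_path(LINKS, "A", "B"))
    print("A's table (latency metric):", routing_table(LINKS, "A", LATENCY))
```

On this topology the three criteria choose three different paths (via node2 directly, via node2 and node3, and via node1 and node3). A dynamic routing protocol repeats a computation like this whenever link state changes; a static table is typed in by hand and never adapts. A path rebuilt from predecessor pointers cannot contain a loop, but a network whose routers disagree can still forward in circles, which is why the IP time-to-live field exists.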

7

Structure of the Internet








Autonomous Systems


e.g. companies, ISPs, 3rd-level institutions


Autonomous Systems

8

Autonomous Systems








Stub network


Network that carries only its own traffic and does not forward traffic for other networks


Transit network


Network that forwards traffic between other
networks


Point-to-point link

[Figure: a stub network, a transit network and a point-to-point link]

9

Yet another Layer ?!?


Transport Layer


TCP



Why should you care?


Applications use TCP as their main communication
mechanism


HTTP


Remote procedure calls (RPC)


File Transfer

10

Network Layer vs Transport Layer

Network Layer                          Transport Layer

Communication between two nodes        Communication between processes

Best effort delivery                   Ordered, reliable delivery (TCP)

Connection-less communication          Connection-oriented communication (TCP)

The right-hand column describes TCP. UDP, the other common transport
protocol, keeps IP's connection-less, best-effort service and adds only
port numbers and a checksum.

11

Transport Layer








Process-to-Process Delivery

12

IP Addresses & Port Numbers


IP Addresses
determine the host


Port Numbers
determine the
application

13

Communication at Transport Layer


Comms at
Transport Layer
from port to port



The IP implementation demultiplexes
each incoming datagram to the right
transport protocol (TCP, UDP, ...)
using the Protocol field in the
IP header; the transport protocol
then uses the destination port
number to find the receiving process

14

Client-Server Paradigm

[Figure: a server listening on port 80; Client A connects from port 14430 and Client B from port 12420]
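To make the two-level addressing concrete, here is an added example in Python (not code from the lecture): it builds constructed IPv4/TCP and IPv4/UDP packets, validates the IPv4 header checksum, and demultiplexes first on the IP Protocol field and then on the destination port to whichever application is listening, reusing the port numbers from the figure above (14430, 12420 and 80). The IP addresses and application names are assumptions, and the TCP/UDP checksums are left at zero because only the demultiplexing path is being shown.

```python
import socket
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum; returns 0 when run over a header
    whose checksum field is already correct."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Minimal 20-byte IPv4 header (no options) with the checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0x4000,
                      64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    hdr = hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]
    return hdr + payload

def build_tcp(sport, dport, seq, flags, data=b"") -> bytes:
    # 20-byte header, data offset 5. The TCP checksum needs a pseudo-header and is
    # left at zero here (assumption: this example only demonstrates demultiplexing).
    return struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, flags, 65535, 0, 0) + data

def build_udp(sport, dport, data=b"") -> bytes:
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

def parse_ipv4(pkt: bytes):
    """Return (header fields, payload) or raise ValueError on a bad header."""
    version, ihl = pkt[0] >> 4, (pkt[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or len(pkt) < ihl:
        raise ValueError("not a valid IPv4 header")
    if inet_checksum(pkt[:ihl]) != 0:
        raise ValueError("IPv4 header checksum mismatch")
    total_len = struct.unpack("!H", pkt[2:4])[0]
    fields = {"src": socket.inet_ntoa(pkt[12:16]), "dst": socket.inet_ntoa(pkt[16:20]),
              "proto": pkt[9], "ttl": pkt[8]}
    return fields, pkt[ihl:total_len]

def parse_tcp(seg: bytes):
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", seg[:14])
    offset = (off_flags >> 12) * 4          # header length including options
    return {"sport": sport, "dport": dport, "seq": seq, "flags": off_flags & 0x1FF}, seg[offset:]

def parse_udp(seg: bytes):
    sport, dport, length, _ = struct.unpack("!HHHH", seg[:8])
    return {"sport": sport, "dport": dport}, seg[8:length]

# IP header Protocol field -> transport implementation (IANA numbers 6 and 17).
TRANSPORTS = {6: ("tcp", parse_tcp), 17: ("udp", parse_udp)}

def demultiplex(pkt: bytes, listeners: dict):
    """listeners maps (transport, local port) -> application name.
    Returns (app, peer address, peer port, data) or None if nobody is bound."""
    ip, payload = parse_ipv4(pkt)
    if ip["proto"] not in TRANSPORTS:
        return None                          # IP layer: no handler for this protocol number
    name, parse = TRANSPORTS[ip["proto"]]
    hdr, data = parse(payload)
    app = listeners.get((name, hdr["dport"]))
    if app is None:
        return None   # closed port: TCP would answer with RST, UDP with ICMP port unreachable
    return app, ip["src"], hdr["sport"], data

def header_ok(pkt: bytes) -> bool:
    try:
        parse_ipv4(pkt)
        return True
    except ValueError:
        return False

# Constructed sample: a web server and a DNS server listening on 198.51.100.5,
# a client at 192.0.2.10 using the ephemeral ports from the figure.
LISTENERS = {("tcp", 80): "httpd", ("udp", 53): "named"}
HTTP_PKT = build_ipv4("192.0.2.10", "198.51.100.5", 6,
                      build_tcp(14430, 80, 1000, 0x18, b"GET / HTTP/1.0\r\n\r\n"))
DNS_PKT = build_ipv4("192.0.2.10", "198.51.100.5", 17, build_udp(12420, 53, b"\x12\x34\x01\x00"))
SSH_PKT = build_ipv4("192.0.2.10", "198.51.100.5", 6, build_tcp(40000, 22, 1, 0x02))

if __name__ == "__main__":
    for p in (HTTP_PKT, DNS_PKT, SSH_PKT):
        print(demultiplex(p, LISTENERS))
```

The same (transport, port) pair is looked up for both clients: what distinguishes Client A's connection from Client B's on the server is the source address and source port, which is why the return value carries them.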

15

Problems


Connection establishment


Connection termination


Ordered Delivery


Retransmission strategy


Duplication detection


Crash recovery


Flow control
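Most of the problems in this list are solved by one small set of mechanisms: sequence numbers, cumulative acknowledgements, a retransmission timer, a receive buffer and a send window. The Python simulation below is an added example, not the lecture's own material: it runs a go-back-N transfer over a scripted channel that loses one segment and duplicates another, and reports what the receiver had to buffer, reject as duplicate, and reassemble in order. The segment contents and the loss pattern are constructed.

```python
class Receiver:
    """Accepts numbered segments, returns cumulative ACKs, delivers in order."""
    def __init__(self):
        self.expected = 0        # next sequence number the application needs
        self.held = {}           # out-of-order segments waiting for the gap to close
        self.delivered = []      # data handed up, in order
        self.duplicates = 0      # segments seen again after delivery

    def receive(self, seq, data):
        if seq < self.expected:
            self.duplicates += 1                 # duplicate: retransmission or copy on the wire
        elif seq == self.expected:
            self.delivered.append(data)
            self.expected += 1
            while self.expected in self.held:    # drain anything now contiguous
                self.delivered.append(self.held.pop(self.expected))
                self.expected += 1
        else:
            self.held[seq] = data                # arrived early: buffer, do not deliver yet
        return self.expected                     # cumulative ACK: everything below is in

class Sender:
    """Go-back-N sender: the window bounds how much is in flight (flow control)."""
    def __init__(self, segments, window=3):
        self.segments, self.window = list(segments), window
        self.base = 0            # oldest unacknowledged sequence number
        self.next = 0            # next sequence number to send
        self.retransmissions = 0

    def sendable(self):
        out = []
        while self.next < len(self.segments) and self.next < self.base + self.window:
            out.append((self.next, self.segments[self.next]))
            self.next += 1
        return out

    def ack(self, n):
        if n > self.base:        # cumulative ACK; older or duplicate ACKs change nothing
            self.base = n

    def timeout(self):
        unacked = [(i, self.segments[i]) for i in range(self.base, self.next)]
        self.retransmissions += len(unacked)
        return unacked

def transfer(segments, drop_once=(), duplicate=(), window=3, max_rounds=50):
    """Run a transfer over a scripted channel: sequence numbers in drop_once are
    lost the first time they are sent, those in duplicate arrive twice."""
    s, r, dropped = Sender(segments, window), Receiver(), set()
    rounds = 0
    while s.base < len(s.segments):
        rounds += 1
        if rounds > max_rounds:
            raise RuntimeError("transfer did not complete")
        for seq, data in s.sendable():
            copies = 2 if seq in duplicate else 1
            if seq in drop_once and seq not in dropped:
                dropped.add(seq)
                copies = 0                       # lost on the wire
            for _ in range(copies):
                s.ack(r.receive(seq, data))
        if s.base < s.next:                      # an ACK is missing: retransmission timer fires
            for seq, data in s.timeout():
                s.ack(r.receive(seq, data))
    return r.delivered, s.retransmissions, r.duplicates

DATA = [b"D0", b"D1", b"D2", b"D3", b"D4"]   # constructed payloads

if __name__ == "__main__":
    print(transfer(DATA))                                   # clean channel
    print(transfer(DATA, drop_once=(1,), duplicate=(3,)))   # loss and duplication
```

Go-back-N retransmits everything after the lost segment even when the receiver already holds it, which is where the first duplicate in the lossy run comes from; TCP's selective acknowledgement option exists to avoid exactly that waste. Connection establishment and termination are not modelled here: they are what gives both sides an agreed starting sequence number in the first place.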



16

Section 4 - Network Hardware


Connecting hosts and networks requires
hardware devices, which include:


Networking and Internetworking Devices


Repeaters


Bridges


Hubs


Switches


Routers


Gateways


Brouters



Modems


Transmission Media

17

Networking and Internetworking Devices


These devices can be divided into 3
categories


Repeaters,


Bridges,


Routers and Gateways.


Repeaters and bridges are used for networking
hosts within one network


Routers and gateways are used for
internetworking, i.e. joining separate networks


18

Repeaters and Bridges


Repeaters


Operate at the physical layer. They
regenerate signals.


Bridges


Operate at the physical and data link layers.


They are used to divide a network into
segments and control which frames cross between
segments; keeping local traffic on its own segment
also limits what a host on another segment can overhear.


They can also regenerate signals.


19

What is a Switch


A layer 2 device


Data Link Layer


Builds a table of the MAC addresses of devices
attached on each port


‘Store and Forward’


Switch receives the whole frame


Verifies the frame check sequence (CRC) is correct and
discards damaged frames


Looks at its destination MAC


Sends the frame on


‘Cut Through’


Starts to forward the frame as soon as it has read the
destination address


No error checking, so damaged frames are passed on


Improved performance (lower latency)

Photo thanks to Cisco Systems
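An added example, not from the lecture, in Python: a learning switch that builds its MAC-to-port table from the source address of each frame, floods frames for unknown or broadcast destinations, and in store-and-forward mode checks the frame check sequence (CRC-32) before forwarding, whereas in cut-through mode the same damaged frame goes out anyway. The frame contents, port numbers and MAC addresses are constructed; the little-endian byte order used for the FCS is what packet tools such as scapy use and is an assumption for this demo.

```python
import struct
import zlib

BROADCAST = "ff:ff:ff:ff:ff:ff"

def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))

def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def build_frame(dst: str, src: str, ethertype: int, payload: bytes) -> bytes:
    """Ethernet II frame with FCS; payload padded to the 46-byte minimum."""
    body = mac_bytes(dst) + mac_bytes(src) + struct.pack("!H", ethertype) + payload.ljust(46, b"\x00")
    return body + struct.pack("<I", zlib.crc32(body))   # FCS, least-significant byte first (assumption)

def fcs_ok(frame: bytes) -> bool:
    body, fcs = frame[:-4], struct.unpack("<I", frame[-4:])[0]
    return zlib.crc32(body) == fcs

class LearningSwitch:
    def __init__(self, ports, cut_through=False):
        self.ports = list(ports)
        self.cut_through = cut_through
        self.table = {}           # MAC -> port, learnt from source addresses

    def forward(self, in_port: int, frame: bytes) -> list:
        """Return the ports the frame goes out on ([] means discarded)."""
        if not self.cut_through and not fcs_ok(frame):
            return []             # store-and-forward: bad FCS, drop before forwarding anything
        dst, src = mac_str(frame[:6]), mac_str(frame[6:12])
        self.table[src] = in_port            # learn which port the sender is behind
        if dst == BROADCAST or dst not in self.table:
            return [p for p in self.ports if p != in_port]   # flood to every other port
        out = self.table[dst]
        return [] if out == in_port else [out]

# Constructed scenario: hosts A (port 1) and B (port 2) on a 4-port switch.
A, B = "02:00:00:00:00:0a", "02:00:00:00:00:0b"

def demo(cut_through=False):
    sw = LearningSwitch([1, 2, 3, 4], cut_through)
    first = sw.forward(1, build_frame(B, A, 0x0800, b"hello"))      # B unknown: flooded
    reply = sw.forward(2, build_frame(A, B, 0x0800, b"hi"))         # A known: port 1 only
    second = sw.forward(1, build_frame(B, A, 0x0800, b"again"))     # B now known: port 2 only
    bad = bytearray(build_frame(B, A, 0x0800, b"corrupt"))
    bad[20] ^= 0xFF                                                  # bit error on the wire
    damaged = sw.forward(1, bytes(bad))
    return first, reply, second, damaged

if __name__ == "__main__":
    print("store-and-forward:", demo())
    print("cut-through:      ", demo(cut_through=True))
```

Two things follow from the table being learnt rather than configured: until a destination has been heard from, its frames are flooded to every port, so the isolation a switch gives over a hub is only as good as the table; and a real switch's table is finite, so a host sending frames with thousands of made-up source addresses can fill it and push unknown-destination traffic back to being flooded to all ports.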

20

What is a Router


A layer 3 device




Works at the physical, data link and network layers, e.g.
the Internet Protocol (IP) level


Joins a number of distinct networks


Example: your internal network and the internet beyond


Range from simple devices


ADSL router for home users


To


Extremely complex enterprise level


Looks at the destination of each IP packet and
determines where it would be sent on for its next
hop


Tries to select the best route

21

Connecting Devices and the OSI Model

22

Transmission Media


Transmission Media Characteristics


Bandwidth


Response time for a request (latency)


Transmission Media Types


Twisted Pair


Coaxial cable



Fiber Optics


Wireless Media


Radio, Microwaves,
Infrared, Lightwave


23

Unshielded Twisted-Pair Cable (UTP)


Most common type of cable used in computer
networks


8 wires forming 4 pairs


Different qualities


Cat 3: for 10Mbps


Cat 5: for 100Mbps


Cat 5e: for 1Gbps


Most common in current use


Cat 6: better for 1Gbps; may allow 10Gbps over short runs


Best to future proof to avoid pain later


Cables of different types look identical


Cable type is printed on the side

24

Fiber Optics


An optical transmission system has three components


The light source


The transmission medium


The detector.


A pulse of light indicates a 1, lack of light indicates a 0.


The transmission medium is a unidirectional, ultra-thin fibre
of glass or plastic


The system would leak light except that when a light ray
meets the boundary between two media at an angle of incidence
greater than the critical angle (whose sine is the ratio of the
outer medium's refractive index to the inner one's), it is not
refracted (bent) out into the second medium but reflected back
into the first: total internal reflection. A fibre is designed
so that light entering the core meets the core/cladding
boundary at such an angle and so stays trapped within the core.


At the centre of the cable is the glass/plastic core which is
surrounded by a glass cladding and then a plastic coating.


25

Transmission Media Performance

Medium          Cost       Speed           Attenuation   EMI        Security
UTP             Low        1-100Mbps       High          High       Low
STP             Moderate   1Mbps-1Gbps     High          Moderate   Low
Coax            Moderate   1Mbps-1Gbps     Moderate      Moderate   Low
Optical Fibre   High       10Mbps-10Gbps   Low           Low        High
Radio           Moderate   1-54Mbps        Low-High      High       Low
Microwave       High       1Mbps-10Gbps    Variable      High       Moderate
Satellite       High       1Mbps-10Gbps    Variable      High       Moderate
Cellular        High       9.6-19.2Kbps    Low           Moderate   Low

(EMI = susceptibility to electromagnetic interference. Security = how
hard the medium is to tap or overhear, not whether the data is encrypted.)
26

Section 6 - Security


Security Issues



Virtual Private Networks



Issues with wireless networks



Methods of attack



Risks


27

Security Issues


Secrecy


Keeping information out of the hands of
unauthorised users.


Authentication


Making sure you are talking to the right
person.


Data Integrity control


Making sure the data has not been altered.


Security affects each layer of the network
design.


28

No Network Is Secure


Original Ethernet


Every host on the bus could see and capture every
transmission made


Trivial to recover passwords, web pages you viewed


The physical network itself cannot be considered to be
secure


Wires can be tapped


Wireless communications available to all within range
with a suitable receiver


Need to trade off the strength of security with the
practicality of the measures


Users when faced with a complex process may attempt to
undermine the system


Sharing of passwords


Not logging out

29

Wireless Networks



Extremely vulnerable to attack


Anyone with a suitable radio can listen


IEEE 802.11 originally used a 40-bit WEP key


Wired Equivalent Privacy


One encryption key shared by all users of the network


Later versions supported a 104-bit key


Proved to be very easy to crack in both versions: WEP runs RC4
with a 24-bit per-frame IV prepended to the shared key, so
keystreams repeat, and attacks on RC4's key setup recover the
key whatever its length


WiFi Protected Access (WPA/WPA2)


Based on the 802.11i standard


EAP (Extensible Authentication Protocol)


An authentication framework, not a single protocol


Can integrate with existing authentication systems


Carried over the LAN by IEEE 802.1X
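Why "easy to crack" follows directly from the design can be shown in a few dozen lines. The Python below is an added example, not from the lecture: a working WEP frame encryptor/decryptor (RC4 keyed with IV || shared key, CRC-32 integrity check value), followed by the simplest attack on it. Once two frames have been sent under the same 24-bit IV, an eavesdropper who knows the contents of one of them recovers that IV's keystream and reads the other without ever learning the key; even without any known plaintext, the XOR of the two ciphertexts is the XOR of the two plaintexts. The key, IV and frame contents are constructed; the estimate of how many frames it takes before an IV repeats is the standard birthday-bound approximation.

```python
import math
import struct
import zlib

def rc4(key: bytes, length: int) -> bytes:
    """RC4 keystream of the requested length (key scheduling + generation)."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP frame body: 3-byte IV in clear, then RC4(IV || key) over data || ICV."""
    assert len(iv) == 3 and len(key) in (5, 13)          # 40- or 104-bit shared key
    icv = struct.pack("<I", zlib.crc32(plaintext))       # CRC-32: no secret involved
    return iv + xor(plaintext + icv, rc4(iv + key, len(plaintext) + 4))

def wep_decrypt(key: bytes, body: bytes) -> bytes:
    iv, ct = body[:3], body[3:]
    pt = xor(ct, rc4(iv + key, len(ct)))
    data, icv = pt[:-4], struct.unpack("<I", pt[-4:])[0]
    if zlib.crc32(data) != icv:
        raise ValueError("ICV mismatch")
    return data

# --- what an eavesdropper without the key can do ---

def keystream_from_known(body: bytes, known_plaintext: bytes) -> bytes:
    """Ciphertext XOR known plaintext = the keystream for this IV."""
    return xor(body[3:], known_plaintext)

def decrypt_reused_iv(body: bytes, keystream: bytes) -> bytes:
    return xor(body[3:], keystream)

def ciphertext_xor_leak(body1: bytes, body2: bytes) -> bytes:
    """Two frames under one IV: C1 XOR C2 = P1 XOR P2, key never needed."""
    return xor(body1[3:], body2[3:])

def frames_until_iv_repeat(iv_bits: int = 24) -> float:
    """Birthday bound: expected number of frames before some IV value recurs."""
    return math.sqrt(math.pi * 2 ** iv_bits / 2)

# Constructed example: a 40-bit key, an access point that has come round to IV
# 00:00:2a again, and an attacker who knows one frame's contents (e.g. a ping
# they caused to be sent) and wants another frame sent under the same IV.
KEY = bytes.fromhex("0102030405")
IV = bytes.fromhex("00002a")
LLC_SNAP_IP = bytes.fromhex("aaaa030000000800")   # how every IP frame starts on 802.11
KNOWN = LLC_SNAP_IP + b"ping payload that the attacker sent"
SECRET = LLC_SNAP_IP + b"POST /login user=alice&pw=hunter2"

def attack() -> bytes:
    f_known = wep_encrypt(KEY, IV, KNOWN)
    f_secret = wep_encrypt(KEY, IV, SECRET)
    ks = keystream_from_known(f_known, KNOWN)     # as many keystream bytes as we know plaintext
    data_len = len(f_secret) - 3 - 4               # frame length minus IV and ICV
    return decrypt_reused_iv(f_secret, ks)[:data_len]

if __name__ == "__main__":
    print("recovered:", attack())
    print("frames before an IV repeats (expected): %.0f" % frames_until_iv_repeat())
```

The 104-bit key changes nothing above: the attack never touches the key, only the keystream, and a busy network reuses an IV after a few thousand frames. The ICV being an unkeyed CRC is a second flaw, since CRC is linear and lets an attacker flip plaintext bits and fix up the check value under the same keystream.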



30

VPN


Virtual Private Network (1/2)


Best practice in Network Management is to
heavily restrict access to external users or
to block it totally


Avoid potential security issues


Protect from hackers


What about legitimate users?


People who work at other locations


31

VPN


Virtual Private Network (2/2)


Not strictly a security solution


Two implementations


Connecting you (a single host) to a remote network


A network within a network: one site's network joined to
another over a public network (not to be confused with a
VLAN, which partitions a single physical network)


Allows you to access resources on another
network as if you were connected directly


A secure encrypted tunnel between your
computer and others on the same network


Typically requires a dedicated ‘VPN box’ on the
office end network to provide the service

32

VPN - Connecting you to a remote network


Ideal for a single user


Work from home, on the road, other
institution


User needs VPN client software


Setup can be complex for users


Need to explicitly log in to access the
network


Not transparent


Potential security risk if the user's computer is
breached


The attacker then has the same access into the network
as the user

33

Methods of Attack (1/3)


Impersonation


Using someone else’s password or a terminal that is
already logged on.


Active wire-tapping


Connecting a device (authorised or unauthorised) to a
communication link and injecting false messages in order to
obtain access to data.


Passive wire-tapping


Monitoring data passing over a communication link without
altering it.


Traffic flow analysis


Analysing the frequency of data traffic, seeing which data
is encrypted and which is not.


Eavesdropping


interception of information

34

Methods of Attack (2/3)


Replay


Play back a recording of a communication


Routing Table modification


Causes messages to be delivered to the wrong address or to
multiple addresses, e.g. via the attacker.


Audit Trail Information Modification


To cover up an attack.


Operational Staff Table Modification


To change access rights.


Bogus Frame insert


Inserting bogus information as a frame.


Data Portion Modification


Modify the data portion of a message.


Viruses



35

Methods of Attack (3/3)


Sequencing Information Modification


Change the order of the pieces of information.


Message Deletion


Removing the message completely


Protocol Control Information modification


To send data to a different location.


Misuse of resources


Swamping communication lines (denial of service)


Interruption of power supply (denial of service)


Malicious physical damage (denial of service)


Theft


Parts of computers or entire computers could be stolen.
Confidentiality issues arise.
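Several of the attacks listed on these three slides (replay, data-portion modification, protocol-control and sequencing modification, message deletion) are caught by one mechanism: a per-message sequence number covered by a message authentication code under a key the attacker does not have. The Python below is an added example, not the lecture's: a receiver that verifies an HMAC-SHA256 over the sequence number and payload, accepts each sequence number once and only in increasing order, notices gaps, and logs what it rejected for the audit trail. The key and the messages are constructed.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-shared-key"     # in practice from a key exchange or provisioning step

def protect(key: bytes, seq: int, payload: bytes) -> bytes:
    """Message = 8-byte sequence number || payload || HMAC-SHA256 over both."""
    body = struct.pack("!Q", seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Receiver:
    """Accepts each sequence number once, in increasing order; reports gaps."""
    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1
        self.log = []             # (verdict, seq) entries for the audit trail

    def accept(self, msg: bytes):
        if len(msg) < 8 + 32:
            return self._verdict("too short", None)
        body, tag = msg[:-32], msg[-32:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):         # constant-time comparison
            return self._verdict("modified or forged", None)  # any change to header or data lands here
        seq = struct.unpack("!Q", body[:8])[0]
        if seq <= self.last_seq:
            return self._verdict("replayed or reordered", seq)
        verdict = "ok" if seq == self.last_seq + 1 else "ok, gap (message deleted?)"
        self.last_seq = seq
        return self._verdict(verdict, seq, body[8:])

    def _verdict(self, verdict, seq, payload=None):
        self.log.append((verdict, seq))
        return verdict, payload

def scenario():
    """Constructed exchange: two legitimate messages, then what an attacker on the
    link achieves by replaying, modifying, delaying and dropping traffic."""
    r = Receiver(KEY)
    m0, m1, m2, m3 = (protect(KEY, i, b"transfer %d" % i) for i in range(4))
    results = [r.accept(m0)[0], r.accept(m1)[0]]
    results.append(r.accept(m1)[0])                           # replay of m1
    tampered = m2[:-33] + bytes([m2[-33] ^ 1]) + m2[-32:]     # flip a bit in the payload
    results.append(r.accept(tampered)[0])
    results.append(r.accept(m3)[0])                           # m2 never arrived: gap noticed
    results.append(r.accept(m2)[0])                           # m2 delivered late: out of order
    return results

if __name__ == "__main__":
    for verdict in scenario():
        print(verdict)
```

A strictly increasing counter also rejects messages that the network itself reordered, which is acceptable for a single ordered channel; protocols that must tolerate reordering (IPsec, for instance) keep a sliding window of sequence numbers seen so far instead. Neither protects the audit trail itself, which is why that log should live somewhere the attacker cannot reach.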

36

Virtual Local Area Networks

(VLAN)


One physical network can contain many
virtual networks


Simplifies the network


Easier to manage and can be altered in
software without recourse to pulling cables


The IEEE 802.1Q standard defines how VLAN membership is
carried between switches; VLANs themselves can be defined
per port (‘Layer 1’) or per MAC address or protocol (‘Layer 2’)


Switches and routers tag Ethernet frames with a 12-bit
VLAN ID (4094 usable values; 0 and 4095 are reserved)


Each network user sees just one network



37

Virtual Local Area Networks



Can be organised by


Port on switch basis


Layer 1


E.g. Ports E1-E16 + D18 on LAN 1, E17-E32 on LAN 2


Good at organisation level, e.g. LAN 1 is one
dept/floor


Bad if users are mobile


Protocol used


Layer 2


All IP traffic on LAN x, IPX on LAN y


By MAC address


Layer 2


List of MAC addresses in each VLAN maintained


Good for mobility, plug in anywhere


Significant administrative overhead to maintain list
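An added example, not from the lecture, tying the two VLAN slides together in Python: a VLAN-aware switch that assigns frames to a VLAN either by the port they arrive on or by their source MAC address, inserts and strips the 802.1Q tag with its 12-bit VLAN ID (rejecting the reserved values), keeps a separate forwarding table per VLAN so a frame is never forwarded across VLANs inside the switch, and refuses tagged frames from hosts on access ports so a host cannot choose its own VLAN. The ports, VLAN numbers and MAC addresses are constructed, and trunk ports are assumed to have no native (untagged) VLAN.

```python
import struct

TPID_8021Q = 0x8100

def push_tag(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert an 802.1Q tag (TPID + 16-bit TCI) after the source MAC."""
    if not 1 <= vid <= 4094:
        raise ValueError("VID must be 1..4094 (0 = priority tag only, 4095 reserved)")
    tci = ((pcp & 0x7) << 13) | vid        # 3-bit PCP, 1-bit DEI (0), 12-bit VID
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def pop_tag(frame: bytes):
    """Return (vid, untagged frame); vid is None when there is no 802.1Q tag."""
    if struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return None, frame
    vid = struct.unpack("!H", frame[14:16])[0] & 0x0FFF
    return vid, frame[:12] + frame[16:]

class VlanSwitch:
    """Port-based VLANs on access ports, MAC-based overrides, 802.1Q on trunks."""
    def __init__(self, access: dict, trunks, mac_vlans=None):
        self.access = dict(access)              # port -> VID ("by port", the slide's Layer 1 option)
        self.trunks = set(trunks)               # ports carrying every VLAN, tagged
        self.mac_vlans = dict(mac_vlans or {})  # MAC -> VID ("by MAC address", the Layer 2 option)
        self.table = {}                         # (vid, mac) -> port: learnt separately per VLAN

    def classify(self, port: int, frame: bytes):
        vid, untagged = pop_tag(frame)
        if port in self.trunks:
            if vid is None:
                raise ValueError("untagged frame on trunk (assumption: no native VLAN)")
            return vid, untagged
        if vid is not None:
            raise ValueError("tagged frame on access port: host may not pick its own VLAN")
        return self.mac_vlans.get(frame[6:12], self.access[port]), frame

    def members(self, vid: int):
        ports = {p for p, v in self.access.items() if v == vid} | self.trunks
        ports |= {p for (v, _), p in self.table.items() if v == vid}   # MAC-assigned hosts seen so far
        return sorted(ports)

    def forward(self, in_port: int, frame: bytes) -> dict:
        """Return {port: frame as transmitted}; trunk ports get a tagged copy."""
        vid, f = self.classify(in_port, frame)
        dst, src = f[:6], f[6:12]
        self.table[(vid, src)] = in_port
        known = self.table.get((vid, dst))                 # lookup is scoped to this VLAN
        outs = [known] if known is not None else self.members(vid)
        outs = [p for p in outs if p != in_port]
        return {p: push_tag(f, vid) if p in self.trunks else f for p in outs}

def try_forward(sw: VlanSwitch, port: int, f: bytes):
    """None when the switch drops the frame as a policy violation."""
    try:
        return sw.forward(port, f)
    except ValueError:
        return None

def frame(dst: bytes, src: bytes, payload: bytes = b"") -> bytes:
    return dst + src + b"\x08\x00" + payload   # Ethernet II header, IPv4 ethertype, no FCS

# Constructed scenario: ports 1-2 in VLAN 10, port 3 in VLAN 20, port 4 a trunk,
# and host C placed in VLAN 20 by MAC address wherever it plugs in.
A = b"\x02\x00\x00\x00\x00\x0a"
B = b"\x02\x00\x00\x00\x00\x0b"
C = b"\x02\x00\x00\x00\x00\x0c"
BCAST = b"\xff" * 6

def build_switch() -> VlanSwitch:
    return VlanSwitch(access={1: 10, 2: 10, 3: 20}, trunks=[4], mac_vlans={C: 20})

if __name__ == "__main__":
    sw = build_switch()
    print("A broadcasts on port 1 ->", sorted(sw.forward(1, frame(BCAST, A))))
    print("C broadcasts on port 2 ->", sorted(sw.forward(2, frame(BCAST, C))))
    print("A sends tagged frame    ->", try_forward(sw, 1, push_tag(frame(BCAST, A), 20)))
```

Note what the MAC-based option costs: the switch can only deliver to C's VLAN-20 neighbours once it has seen a frame from C and learnt which port it is on, and the list of MACs has to be kept up to date by hand, which is the administrative overhead the slide mentions. Port-based assignment needs no such list but breaks as soon as the user moves.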